Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS208884.roa
File:                     AS208884.roa (raw, json)
Hash identifier:          erOzlDftmJEC0Df84LLefFuehFeBAYdL800Jlu6unws=
Subject key identifier:   2C:94:81:F6:55:6B:28:FA:96:C3:5C:37:78:5A:58:9E:C5:25:F0:41
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       2ECE356F36F533CB19FB331DB7C139391AD6ACC4
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS208884.roa
Signing time:             Thu 16 Apr 2026 01:08:32 +0000
ROA not before:           Thu 16 Apr 2026 01:03:32 +0000
ROA not after:            Thu 15 Apr 2027 01:08:32 +0000
asID:                     208884
IP address blocks:        2a0f:85c1:c37::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:ce:35:6f:36:f5:33:cb:19:fb:33:1d:b7:c1:39:39:1a:d6:ac:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Apr 16 01:03:32 2026 GMT
            Not After : Apr 15 01:08:32 2027 GMT
        Subject: CN=2C9481F6556B28FA96C35C37785A589EC525F041
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:8c:b2:ad:fc:2e:60:20:9e:80:0e:05:67:76:
                    c8:1a:a1:d2:23:25:25:71:f0:45:dd:24:cc:16:43:
                    d0:8c:17:85:82:1c:d4:e7:8a:5f:75:6d:c4:39:a7:
                    d6:c1:73:b0:84:09:92:bb:5d:6e:24:db:33:d6:c2:
                    3a:2d:ce:e8:44:e1:a4:4c:15:08:fc:b8:db:22:e4:
                    f8:9b:10:db:0a:c5:3e:f0:62:99:c2:c6:2b:05:04:
                    e1:85:0e:19:a0:ec:e4:6a:ad:e8:9f:c5:17:69:21:
                    3f:d9:d0:d0:64:7d:68:43:af:98:cc:96:78:bc:5d:
                    a5:f2:19:06:3e:33:3e:85:88:6f:20:f8:31:34:4e:
                    94:d5:ff:bc:49:4b:97:99:16:59:f0:08:25:d6:cb:
                    ae:32:b1:3c:ee:a6:7f:a2:f1:70:ef:67:c5:df:5e:
                    6d:81:5c:25:8b:15:85:06:b1:a3:8a:af:5d:38:cc:
                    37:71:61:12:40:3d:db:92:13:1b:03:b0:98:f0:3d:
                    3c:10:3d:7f:2f:65:ee:02:04:0d:48:aa:15:a6:d2:
                    b4:47:de:78:2e:5b:c5:36:98:4a:94:b9:57:f6:f6:
                    88:41:95:71:be:58:5e:13:24:91:9f:59:26:ce:8e:
                    dc:22:d4:f8:18:90:60:6e:ef:bc:03:16:68:3a:72:
                    c8:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:94:81:F6:55:6B:28:FA:96:C3:5C:37:78:5A:58:9E:C5:25:F0:41
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS208884.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:c37::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:d6:9a:81:18:1c:83:fa:74:c7:5b:2d:3b:b9:c1:f5:22:f9:
         95:e6:74:6e:46:d6:24:64:ec:76:54:74:48:8f:06:22:05:bb:
         aa:25:c1:5a:ba:e4:cf:b6:b8:2e:50:6f:76:05:af:00:d1:f9:
         f3:aa:41:4c:55:36:f7:fb:6a:ca:50:d1:e2:0f:c4:62:43:da:
         e0:da:de:11:51:02:33:7c:e7:58:3a:02:73:70:84:0b:ce:f8:
         3a:b2:8b:e5:a3:55:90:b3:42:c6:a1:e5:7d:7e:b7:be:6f:9c:
         48:c1:00:0c:f4:ca:0f:ef:69:fa:ff:83:67:e0:cf:99:b1:11:
         3d:35:e9:c5:1e:e0:70:e8:ff:53:ec:c5:01:06:e5:35:71:38:
         cb:cb:17:6f:93:56:75:0b:f3:3a:a5:5a:60:0a:93:01:cf:e3:
         b5:57:12:3d:e9:42:42:9d:f0:b7:3a:f0:d0:dd:57:c9:17:20:
         c7:1e:ff:dc:a3:42:ef:1a:f3:14:98:02:2d:e1:ea:6d:ad:ea:
         48:9a:d8:c7:e5:76:2b:de:2b:e4:2d:a7:3f:fa:08:6f:d6:ef:
         48:0a:8c:27:30:78:b6:04:33:57:4a:73:ee:1a:86:04:85:e5:
         74:b4:83:c0:57:18:d9:ce:59:cd:bd:92:ab:b7:90:4d:c1:d7:
         a0:8e:3b:c7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIULs41bzb1M8sZ+zMdt8E5ORrWrMQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjA0MTYwMTAzMzJaFw0yNzA0MTUwMTA4MzJaMDMxMTAvBgNV
BAMTKDJDOTQ4MUY2NTU2QjI4RkE5NkMzNUMzNzc4NUE1ODlFQzUyNUYwNDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVjLKt/C5gIJ6ADgVndsgaodIj
JSVx8EXdJMwWQ9CMF4WCHNTnil91bcQ5p9bBc7CECZK7XW4k2zPWwjotzuhE4aRM
FQj8uNsi5PibENsKxT7wYpnCxisFBOGFDhmg7ORqreifxRdpIT/Z0NBkfWhDr5jM
lni8XaXyGQY+Mz6FiG8g+DE0TpTV/7xJS5eZFlnwCCXWy64ysTzupn+i8XDvZ8Xf
Xm2BXCWLFYUGsaOKr104zDdxYRJAPduSExsDsJjwPTwQPX8vZe4CBA1IqhWm0rRH
3nguW8U2mEqUuVf29ohBlXG+WF4TJJGfWSbOjtwi1PgYkGBu77wDFmg6csilAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQULJSB9lVrKPqWw1w3eFpYnsUl8EEwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA4ODg0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQw3MA0GCSqGSIb3DQEBCwUAA4IBAQB51pqBGByD+nTHWy07ucH1IvmV5nRuRtYk
ZOx2VHRIjwYiBbuqJcFauuTPtrguUG92Ba8A0fnzqkFMVTb3+2rKUNHiD8RiQ9rg
2t4RUQIzfOdYOgJzcIQLzvg6sovlo1WQs0LGoeV9fre+b5xIwQAM9MoP72n6/4Nn
4M+ZsRE9NenFHuBw6P9T7MUBBuU1cTjLyxdvk1Z1C/M6pVpgCpMBz+O1VxI96UJC
nfC3OvDQ3VfJFyDHHv/co0LvGvMUmAIt4eptrepImtjH5XYr3ivkLac/+ghv1u9I
CownMHi2BDNXSnPuGoYEheV0tIPAVxjZzlnNvZKrt5BNwdegjjvH
-----END CERTIFICATE-----